CVE-2017-9445

Published: 6/28/2017 Last updated: 8/5/2024 Reserved: 6/5/2017

In systemd through 233, certain sizes passed to dns_packet_new in systemd-resolved can cause it to allocate a buffer that's too small. A malicious DNS server can exploit this via a response with a specially crafted TCP payload to trick systemd-resolved into allocating a buffer that's too small, and subsequently write arbitrary data beyond the end of it.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (2)

conf-libudev ocaml-systemd

Products affected (1)

Product	Vendor	Version
n/a	n/a	< 4.1

References (8)

https://launchpad.net/bugs/1695546
http://www.securitytracker.com/id/1038806
http://www.securityfocus.com/bid/99302
http://openwall.com/lists/oss-security/2017/06/27/8
https://launchpad.net/bugs/1695546
http://www.securityfocus.com/bid/99302
http://openwall.com/lists/oss-security/2017/06/27/8
http://www.securitytracker.com/id/1038806